Symantec 250-438 Exam Practice Questions (P. 1)
Question #1
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a `copy to USB device` operation?
- A. Add a "Limit Incident Data Retention" response rule with "Retain Original Message" option selected.
- B. Modify the agent config.db to include the file
- C. Modify the "Endpoint_Retain_Files.int" setting in the Endpoint server configuration
- D. Modify the agent configuration and select the option "Retain Original Files"
Correct Answer:
A
Question #2
What is the correct configuration for `BoxMonitor.Channels` that will allow the server to start as a Network Monitor server?
- A. Packet Capture, Span Port
- B. Packet Capture, Network Tap
- C. Packet Capture, Copy Rule
- D. Packet capture, Network Monitor
Correct Answer:
C
Reference:
https://support.symantec.com/en_US/article.TECH218980.html
Question #3
Under the `System Overview` in the Enforce management console, the status of a Network Monitor detection server is shown as `Running Selected.` The Network Monitor server's event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
- A. There is insufficient disk space on the Network Monitor server.
- B. The Network Monitor server's certificate is corrupt or missing.
- C. The Network Monitor server's license file has expired.
- D. The Enforce and Network Monitor servers are running different versions of DLP.
Correct Answer:
D
Question #4
Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)
- A. Any customer-hosted private cloud
- B. Amazon Web Services
- C. AT&T
- D. Verizon
- E. Rackspace
Correct Answer:
BE
Reference:
https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/8000/DOC8244/en_US/Symantec_DLP_15.0_Cloud_Prevent_O365.pdf?__gda__=1554430310_584ffada3918e15ced8b6483a2bfb6fb
(14)
Question #5
A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the CISO's role has the `User Reporting` privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?
- A. Only DLP administrators are permitted to access and view data for high risk users.
- B. The Enforce server has insufficient permissions for importing user attributes.
- C. User attribute data must be configured separately from incident data attributes.
- D. User attributes have been incorrectly mapped to Active Directory accounts.
Correct Answer:
D